problems with secure LDAP

Ana Ribas/Upcnet ana.ribas at upcnet.es
Thu Jul 24 07:36:35 EDT 2003


Hi,

I've been able to configure saslauthd with ldap authentication against my
Lotus Domino eDirectory.
My Cyrus IMAP server works fine too.
I've created the mailboxes and the users can send and receive mail
perfectly.

Now, my next step is to try to configure saslauthd for secure LDAP.
And, of course, it's my new problem.

My configuration with ldaps is the following:

saslauthd.conf:
      ldap_servers: ldap://myserver.upc.es:636/
      ldap_port: 636
      ldap_tls_check_peer: yes
      ldap_tls_cacert_file: escert.pem
      ldap_tls_cacert_dir: /var/imap/certs
      ldap_tls_cert: /var/imap/server.pem
      ldap_tls_key: /var/imap/server.pem

And this is the response when I make the test and the ldapsearch:

> saslauthd -a ldap
> testsaslauthd -u juanito -p juanito
0: NO "authentication failed"

> ldapsearch -v -p 636 -h myserver.upc.es -b "O=lcx" "(cn=usuari proves1)"
ldap_init( myserver.upc.es, 636 )
filter pattern: (cn=usuari proves1)
returning: ALL
filter is: ((cn=usuari proves1))
ldap_result: Can't contact LDAP server

The auth.log file results:
Jul 24 12:49:52 delius saslauthd[22180]: [ID 285309 auth.info] detach_tty : master pid is: 22180
Jul 24 12:49:52 delius saslauthd[22180]: [ID 285309 auth.info] ipc_init : listening on socket: /var/run/saslauthd/mux
Jul 24 12:50:22 delius saslauthd[22181]: [ID 286158 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTFILE (Unknown error).
Jul 24 12:50:22 delius saslauthd[22181]: [ID 948958 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTDIR (Unknown error).
Jul 24 12:50:22 delius saslauthd[22181]: [ID 809616 auth.warning] Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (Unknown error).
Jul 24 12:50:22 delius saslauthd[22181]: [ID 390630 auth.warning] Unable to set LDAP_OPT_X_TLS_CERTFILE (Unknown error).
Jul 24 12:50:22 delius saslauthd[22181]: [ID 621624 auth.warning] Unable to set LDAP_OPT_X_TLS_KEYFILE (Unknown error).
Jul 24 12:51:23 delius imapd[22194]: [ID 702911 auth.warning] Could not find a dlname line in .la file: libotp.la
Jul 24 12:55:22 delius saslauthd[22181]: [ID 390612 auth.warning] ldap_simple_bind() failed as anonymous (Can't contact LDAP server)
Jul 24 12:55:22 delius saslauthd[22181]: [ID 462440 auth.warning] lak_bind() failed
Jul 24 12:55:22 delius saslauthd[22181]: [ID 285309 auth.info] do_auth : auth failure: [user=juanito] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

I'm sure the path and name of the certificates are correct, but saslauthd seems
unable to set them and I don't know why.
When I compiled SASL 2.1.15, days ago, I included the option
--with-openssl=/usr/local/ssl.

What can I do now?
Thanks in advance.

- ANNA -
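
Added example, not part of the original post and not code from Cyrus SASL: a static check of a saslauthd.conf LDAP/TLS section, run here on the configuration quoted above, that flags an ldap:// URI pointed at port 636, ldap_tls_* options that no TLS transport will ever use, and certificate paths that are not absolute. The function names and finding codes are hypothetical.

```python
# Added example: lint a saslauthd.conf LDAP/TLS section. Names and finding codes are hypothetical.
import posixpath
from urllib.parse import urlsplit

# The configuration quoted in the post, embedded as sample input.
SAMPLE_CONF = """\
ldap_servers: ldap://myserver.upc.es:636/
ldap_port: 636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: escert.pem
ldap_tls_cacert_dir: /var/imap/certs
ldap_tls_cert: /var/imap/server.pem
ldap_tls_key: /var/imap/server.pem
"""

TLS_PATH_KEYS = ("ldap_tls_cacert_file", "ldap_tls_cacert_dir", "ldap_tls_cert", "ldap_tls_key")

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def lint(conf):
    """Return (key, code, message) findings for transport/TLS mismatches."""
    findings = []
    # ldap_start_tls is the StartTLS switch documented in saslauthd's LDAP_SASLAUTHD notes.
    start_tls = conf.get("ldap_start_tls", "no").lower() in ("yes", "on", "true", "1")
    tls_keys = [k for k in conf if k.startswith("ldap_tls_")]
    for uri in conf.get("ldap_servers", "").split():
        url = urlsplit(uri)
        if url.scheme == "ldap" and url.port == 636:
            findings.append(("ldap_servers", "scheme-port-mismatch",
                             f"{uri}: ldap:// sends cleartext LDAP to the LDAPS port"))
        if url.scheme == "ldap" and not start_tls and tls_keys:
            findings.append(("ldap_servers", "tls-never-negotiated",
                             f"{uri}: ldap_tls_* set, but no ldaps:// or StartTLS"))
    for key in TLS_PATH_KEYS:
        path = conf.get(key)
        if path and not posixpath.isabs(path):
            findings.append((key, "relative-path",
                             f"{path}: resolved against the daemon's working directory"))
    return findings

if __name__ == "__main__":
    for key, code, message in lint(parse_conf(SAMPLE_CONF)):
        print(f"{code:22} {key:22} {message}")
```

The check only reads the file; it does not contact the directory server or validate the certificates themselves.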

More information about the Info-cyrus mailing list